The UK transportation sector underpins national mobility, economic productivity, and critical infrastructure resilience. From rail and public transport networks to international passenger services, transport organisations operate complex, safety-critical environments where cyber resilience is inseparable from operational continuity. These leaders sit at the intersection of IT, OT, regulation, and public trust, translating cyber risk into real-world impact across millions of daily journeys.
Below are senior cybersecurity leaders shaping security strategy across some of the UK’s most important transportation organisations.
Kashaf Rashid — Group Chief Information Security Officer, Mobico Group
Kashaf Rashid is Group Chief Information Security Officer at Mobico Group, overseeing cybersecurity across a global transport portfolio spanning bus, coach, and rail operations. His role focuses on strengthening cyber resilience across geographically distributed, operationally complex environments while enabling digital transformation at scale.
Prior to Mobico, Kashaf Rashid held senior cyber leadership roles at Meggitt, where he progressed from Head of Information and Cyber Security Operations to Director of Cyber Security, leading enterprise security operations, governance, and risk management. Earlier in his career, he managed SOC operations at Sainsbury’s and worked in governance, risk, and compliance consulting at Hewlett-Packard.
His background combines hands-on operational security leadership with enterprise-level governance, making him well-suited to managing cyber risk in safety-critical transport environments.
Sarah Hurley — Chief Information Security Officer, Arriva Group
Sarah Hurley is Chief Information Security Officer at Arriva Group, bringing extensive experience in security transformation across complex, international organisations. CISSP-qualified, she specialises in designing information security strategies that integrate governance, compliance, technology, and people.
Sarah Hurley has led the development and scaling of security functions across B2B and B2C environments, with experience spanning transport, financial services, insurance, retail, and the public sector. Her work is characterised by large-scale transformation programmes, operating in fast-changing global environments where security must adapt rapidly to business demands.
Known for strong stakeholder engagement and organisational leadership, she plays a key role in embedding security as a trusted enabler across Arriva’s multinational transport operations.
Krisztina Matkov — Head of Information Security, The Go-Ahead Group
Krisztina Matkov serves as Head of Information Security at The Go-Ahead Group, a multinational public transport operator. In this role, she leads cybersecurity governance, compliance, and enterprise risk management, with responsibility for disaster recovery, business continuity, and crisis management planning.
With a background spanning finance and IT, Krisztina Matkov brings a strong business perspective to security leadership. She works closely with executive teams, board members, and technical stakeholders to improve security maturity while maintaining operational performance across transport services.
She leads a lean security team delivering against demanding regulatory and operational requirements, achieving Cyber Essentials certification and progressing the organisation towards ISO 27001. Her academic and professional credentials include an MSc in Computer Science (Software and System Security), CISM certification, and NCSC accreditation.
Jules Gascoigne — Chief Information Security Officer, Transport for London
Jules Gascoigne is Chief Information Security Officer at Transport for London (TfL) and a member of its senior technology leadership team. With over 25 years of experience, he is accountable for cyber security across one of the world’s largest and most complex public transport networks.
Jules Gascoigne has held senior roles across aviation, financial services, professional services, and government-regulated environments, including positions at Virgin Atlantic, Barclays, the FCA, EY, and KPMG. He is a Fellow of the Chartered Institute of Information Security and holds a broad range of professional certifications.
A frequent industry speaker, he is known for advocating security that supports societal value — ensuring technology is secure, resilient, and sustainable in critical public services.
Dan Biggs — Chief Information Security Officer, Network Rail
Dan Biggs is Chief Information Security Officer at Network Rail, where he leads the organisation’s information security strategy across the UK’s national rail infrastructure. His remit covers security governance, risk management, incident response, and the protection of a large, diverse IT and operational estate.
Dan Biggs has spent over a decade at Network Rail, progressing from Operational Security Manager to CISO. He has led the development of 24×7 cyber detection and response capabilities, sponsored major security transformation programmes, and acted as a key interface with executive leadership, regulators, law enforcement, and industry partners.
His earlier career included senior IT operations and security roles in multinational commercial environments, giving him deep experience in scaling secure operations across complex, mission-critical systems.
The Cybersecurity Imperative for UK Transportation
Cybersecurity leaders in UK transportation operate at the frontline of critical national infrastructure. With increasing convergence of IT and operational technology, heightened regulatory scrutiny, and growing threat actor sophistication, the role of the transport CISO has become central to public safety, service continuity, and national resilience.
The leaders featured here exemplify how effective cybersecurity in transportation goes beyond technical controls, requiring governance, collaboration, and strategic leadership that aligns security with the realities of large-scale, always-on public services.